FILE SECURITY
INTRODUCTION

B1800/B1700 systems support a file-security mechanism which
protects disk files against accidental or deliberate misuse. A
secure file, for example, cannot be removed, changed, or
referenced in any way by an unauthorized user. This document
provides a basic introduction to the current file security
mechanism provided by the B1800/B1700 MCP.


File security is based, essentially, on one aspect of file-naming
conventions that have existed since the inception of B1700 disk
files: the concept of the multifile-identifier. If the
multifile-identifier is enclosed in parentheses, e.g.,
(PAYROLL)/<file-name>, and designated as a PRIVATE file in the
Disk File Header (DFH), the file is a secured file. A large
portion of this document, then, is devoted to explaining the
proper conditions under which file names with secure
multifile-id's can be accessed and created.


Disk file security is an optional feature as far as the
B1800/B1700 operating system is concerned. However, once the
system is invoked, there are well-defined rules for its use. It
should be noted, also, that file security is not limited to
datacomm activity but applies to both batch and remote modes of
operation, even though its greatest application is in the area of
datacomm operations.


This document provides a full discussion of both batch and remote
applications of file security. It describes the structure of
disk files created under file security and explains how to
operate programs that access secure files.


SECURE FILE IDENTIFIERS

Disk file security is maintained through control of the
multifile-id since secure files may only be created with names of:
(<multifile-id>)/<file-name>. When a new secure file is created,
the multifile-id given to the operating system is taken from the
usercode field in the (SYSTEM)/USERCODE file. In the context of
file creation, the multifile-id and the usercode are functionally
the same.


Secure files are also controlled through specification of a
pack-id that is associated with every usercode/password. If a
user pack-id is blank, files are created, by default, on the
system disk. One practical implication of this system is that
the operating system cannot locate any secure disk file without
going to the (SYSTEM)/USERCODE file. If the system usercode file
is not present, secure files cannot be located or processed by
the operating system, even though they are actually resident on
disk.

When accessing (reading) a secure file, the operating system goes
to the system usercode file for the location of the file
(pack-id) and checks the Disk File Header (DFH) for access rights
(PRIVATE or PUBLIC). If the file is found and the access rights
are PUBLIC, then any user can access the file. If the rights are
PRIVATE, it can be accessed only by a privileged user or by a
program running under the same usercode. Access rights defined
in the usercode file are used when creating a new file. When
accessing an old file, security is taken from the header.
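
The rules in this section can be read as a small reference monitor. The following Python sketch is an added illustration, not code from the MCP or from this document; the class and method names, the status strings, and the names PAYPACK, JOE, AUDIT and MASTER are constructed for the example.

```python
from dataclasses import dataclass

SYSTEM_DISK = "*SYS DISK*"    # label for the blank (default) pack; constructed here


@dataclass
class UsercodeEntry:           # the fields of a (SYSTEM)/USERCODE entry used below
    pack_id: str = ""          # blank pack-id: files go to the system disk
    security: str = "PRIVATE"  # rights given to files this usercode creates
    privileged: bool = False


class ToyMcp:
    """Hypothetical model of the rules in the text; not Burroughs code."""

    def __init__(self, usercode_file):
        self.usercode_file = usercode_file  # dict usercode -> entry, or None if absent
        self.headers = {}                   # (pack, file title) -> security in the DFH

    def _entry(self, usercode):
        return None if self.usercode_file is None else self.usercode_file.get(usercode)

    def _locate(self, multifile_id, file_name):
        owner = self._entry(multifile_id)   # the pack-id comes from the usercode file
        if owner is None:
            return None
        return (owner.pack_id or SYSTEM_DISK, f"({multifile_id})/{file_name}")

    def create(self, running_as, multifile_id, file_name):
        key = self._locate(multifile_id, file_name)
        if key is None or running_as != multifile_id:
            return "DENIED"                 # unknown usercode, or not the creator's own
        # New file: rights are copied from the usercode entry into the header.
        self.headers[key] = self._entry(multifile_id).security
        return "CREATED"

    def read(self, running_as, multifile_id, file_name):
        key = self._locate(multifile_id, file_name)
        if key is None or key not in self.headers:
            return "NOT LOCATED"
        if self.headers[key] == "PUBLIC":   # old file: rights come from the header
            return "OK"
        caller = self._entry(running_as)
        if running_as == multifile_id or (caller is not None and caller.privileged):
            return "OK"
        return "DENIED"


def walkthrough():
    """Run the cases the text describes and return the outcomes in order."""
    users = {"PAYROLL": UsercodeEntry(pack_id="PAYPACK"),
             "JOE": UsercodeEntry(),
             "AUDIT": UsercodeEntry(privileged=True)}
    mcp = ToyMcp(users)
    results = [mcp.create("PAYROLL", "PAYROLL", "MASTER"),  # own usercode
               mcp.create("JOE", "PAYROLL", "FAKE"),        # someone else's usercode
               mcp.read("JOE", "PAYROLL", "MASTER"),        # private, not the owner
               mcp.read("AUDIT", "PAYROLL", "MASTER"),      # privileged user
               mcp.read("PAYROLL", "PAYROLL", "MASTER")]    # same usercode
    users["PAYROLL"].security = "PUBLIC"                    # entry changed afterwards
    results.append(mcp.read("JOE", "PAYROLL", "MASTER"))    # header is still PRIVATE
    mcp.usercode_file = None                                # usercode file not present
    results.append(mcp.read("PAYROLL", "PAYROLL", "MASTER"))
    return results


if __name__ == "__main__":
    print(walkthrough())
```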


RELATED DOCUMENTATION

Name                                        Number
B1800/B1700 MCP II P.S.                     2212 5426
B1800/B1700 Software Operational Guide      1068731

SYSTEM/MAKEUSER

The file-security system is initiated by creating a system
usercode file through SYSTEM/MAKEUSER. Input to SYSTEM/MAKEUSER
consists, basically, of usercode/password pairs in a format which
is defined in the USERCODE ATTRIBUTES section below. The program
creates a usercode file, called (SYSTEM)/USERCODE, which contains
a list of valid usercode/password pairs. Any batch program or
remote user which attempts to create a secure file with a
multifile-id (i.e., usercode) that is not in this file or not his
own will be denied the opportunity to do so by the MCP.


Access to usercode-related files is also controlled through the
use of PUBLIC and PRIVATE attributes that are stored as part of
the disk file header. Public files are able to be accessed by
any users, but private files are available only to their owners
or privileged users. Usercodes can be defined as PRIVILEGED in
the (SYSTEM)/USERCODE file if users wish to allow certain
usercodes to access (read) private files and write them back to
disk.


SYSTEM/MAKEUSER is a normal-state utility program used to create,
access, or modify (SYSTEM)/USERCODE, the system usercode file of
allowable usercode and password combinations. Variable fields
are termed "usercode password entry attributes" and define the
characteristics of the individual entries (maximum number =
1023). The declared types and lengths of these fields are:

Usercode                 - 10 characters
Password                 - 10 characters
Pack-id                  - 40 characters
Charge number            - 24 bits
User priority            - & bits
Privileged bit           - 1 bit
Security                 - 1 bit
Override                 - 1 bit
Security level           - 2 bits
Maximum Time (Minutes)   - 16 bits
BNA Hostname             - 17 characters

SYNTAX DIAGRAM CONVENTIONS


Syntax diagrams display the required format for usercode
attributes and input commands, and the rules of such diagrams are:

1. Any path traced along the forward direction of the
   arrows will produce valid syntax.

2. Any bridge over a digit may be traversed the maximum
   number of times specified by a digit. If the digit
   is followed by an "*", then the path must be crossed
   at least one time.

   a. --/1\-->   = MAY be traversed only once.
   b. --/1*\-->  = MUST be traversed once.

3. Upper-case letters in the syntax diagrams indicate
   keywords which are literally in the commands. Minimum
   abbreviations are indicated by underscoring.

4. End-of-statement is indicated by:


~— = ae ommo=> i 


   Comments after the final operand may be preceded by a
   percent sign (%).

5. Lower-case letters, words, and phrases are syntactic
   variables, which represent information to be supplied
   by the user. (See DEFINITION OF TERMS below.)


DEFINITION OF TERMS

The following section defines the syntactic variables NAME,
INTEGER, USERCODE SPECIFIER and INPUT FILE NAME, IDENTIFIER, as
well as the delimiters used in the command syntax diagrams.

Name:
    a string of up to 10 alphanumeric characters, excluding
    blanks and delimiters. A name may be a null string, which
    is defined as two adjacent quote signs ("").

Integer:
    a string of only numeric characters.

Delimiters:
    the following special characters: blank (" "), equal sign
    (=), and slash (/).

Family:
    a group of usercode/password combinations that all have the
    same usercode.

Null String:
    two adjacent quote marks (""); space is not allowed between
    them.

Usercode Specifier:
    consists of a character string of up to eight characters for
    a usercode and separated from the password, which may
    contain ten characters, by a slash (/). The first name is
    the usercode, and the second name is the password. An
    optional form is available using the character "=" as the
    password. This indicates all usercodes of the first name.
    The null string is allowed as the password name, and results
    in a password of blanks.

Password Specifier:
    consists of a character string of up to ten characters. A
    blank password may be specified as a null string ("").

    Examples:

    a. JOE/PASSWORD1
    b. JOE/PASSWORD2
    c. JOE/=
    d. JOE/""

Input File Name:
    consists of up to three character strings, of up to ten
    characters each, separated by the character "/", to form a
    standard MCP-recognizable file name. Note that the "="
    form and the null string are not allowed in

    Examples:

    a. MYFILE
    b. USERCODE/MYFILE
    c. MY-PACK/USERCODE/MYFILE

User Job Priority:
    denotes, by integer, the highest priority at which a batch
    job can be run. This prevents a user at a remote terminal
    from running a job at a higher priority, for example, than a
    network controller.

Identifier:
    A string of up to 17 characters for use as BNA hostname.
    Lower case will be translated to upper case and underscore
    will be translated to a minus sign.

USERCODE ATTRIBUTES

Input to SYSTEM/MAKEUSER requires the syntax:

<keyword> = <attribute>

where <keyword> is one of the valid keywords listed below, the
equals sign is optional, and <attribute> is a character string or
integer which does not exceed the length specified for the
attribute. The keyword options US and PW are required, and all
others are optional. The null string ("") is valid for password
(PW) and pack-identifier (PACK).

If an option that requires an <attribute> is used, it must be
followed by input.


Syntax:

Options may be given in any order, each at most once. US and PW
must each appear once. An "=" may optionally follow a keyword
that takes a value.

    US        <name>
    PW        <name>
    PACK      <name>
    CHG       <integer>
    PRI       <integer>
    SL        <integer>
    *PRIV     or  *NONPRIV
    PUBLIC    or  PRIVATE
    MAXTIME   <integer>
    HOSTNAME  <identifier>  or  *ANY  or  *NONE


Semantics:

The keyword options and their associated default attributes are
as follows:

Option      Attribute                         Default
US          Usercode                          None
PW          Password                          None
PACK        Pack specification                System disk
CHG         Charge number                     0
PRI         Limiting user job priority        rf
*PRIV       Privileged indicator              Not privileged
*NONPRIV    Nonprivileged indicator           Not privileged
PUBLIC      Security                          PRIVATE
PRIVATE     Security                          PRIVATE
SL          Security level                    0
MAXTIME     Default maximum execution time    0 (infinite)
HOSTNAME    BNA hostname                      *NONE


Examples:

US=NEWUS PW=NEWPW CHG=6666 PRI 4 PACK NEWPACK *PRIV
CHG=1000 PRI=7 US=NEWUS1 PW=NEWPASS1
US=NEWUS PW="" PACK=NEWPACK SL=1
US USERCODE PW PASSWORD PUBLIC
US Y PW BCUZ *NONPRIV PRIVATE
US NEW PW LIMIT MAXTIME = 4 % this is a comment
US HN PW ANY HOST *ANY


RESTRICTIONS

The restrictions for PACK and Security below are enforced by
SYSTEM/MAKEUSER since the MCP uses the "FIND FIRST" communicate.

PACK:
    indicates default pack. All usercodes which belong to the
    same family must default to the same pack, i.e., system or
    user pack.

SECURITY:
    all usercodes which belong to the same family must have the
    same security, i.e. PUBLIC or PRIVATE.
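
The record format and the family restrictions above, as an added Python example (not part of SYSTEM/MAKEUSER or of the original document). The function names and error texts are hypothetical; the sample records follow the Examples above, HOST is accepted as a short form of HOSTNAME because the Examples use it, and no range check is applied to PRI.

```python
import re

VALUE_KEYS = {"US", "PW", "PACK", "CHG", "PRI", "SL", "MAXTIME", "HOSTNAME"}
ALIASES = {"HOST": "HOSTNAME"}              # short form seen in the Examples
FLAGS = {"*PRIV": ("PRIVILEGED", True), "*NONPRIV": ("PRIVILEGED", False),
         "PUBLIC": ("SECURITY", "PUBLIC"), "PRIVATE": ("SECURITY", "PRIVATE")}
# Field widths in bits from the attribute list; None means "not range-checked".
INT_BITS = {"CHG": 24, "SL": 2, "MAXTIME": 16, "PRI": None}
# Defaults from the Semantics table; a blank PACK stands for the system disk.
DEFAULTS = {"PACK": "", "CHG": 0, "SL": 0, "MAXTIME": 0, "HOSTNAME": "*NONE",
            "PRIVILEGED": False, "SECURITY": "PRIVATE"}
MAX_ENTRIES = 1023


class EntryError(ValueError):
    pass


def _convert(key, tok):
    """Validate one attribute token against the DEFINITION OF TERMS rules."""
    if key in INT_BITS:
        if not re.fullmatch(r"[0-9]+", tok):
            raise EntryError(f"{key} needs an integer, got {tok!r}")
        value, bits = int(tok), INT_BITS[key]
        if bits is not None and value >= 1 << bits:
            raise EntryError(f"{key}={value} does not fit in {bits} bits")
        return value
    if key == "HOSTNAME":
        if tok in ("*ANY", "*NONE"):
            return tok
        if len(tok) > 17:
            raise EntryError("hostname longer than 17 characters")
        return tok.upper().replace("_", "-")   # translation rule for identifiers
    if tok == '""':                            # null string: PW and PACK only
        if key not in ("PW", "PACK"):
            raise EntryError(f"null string is not valid for {key}")
        return ""
    if not re.fullmatch(r"[A-Za-z0-9]{1,10}", tok):
        raise EntryError(f"{key} value {tok!r} is not a name of 1-10 alphanumerics")
    return tok


def parse_entry(line):
    """Parse one '<keyword> [=] <attribute>' record; text after % is a comment."""
    tokens = line.split("%", 1)[0].replace("=", " ").split()
    entry, i = {}, 0
    while i < len(tokens):
        word = tokens[i].upper()
        word = ALIASES.get(word, word)
        if word in FLAGS:
            key, value = FLAGS[word]
            i += 1
        elif word in VALUE_KEYS:
            if i + 1 >= len(tokens):
                raise EntryError(f"{word} must be followed by input")
            key, value = word, _convert(word, tokens[i + 1])
            i += 2
        else:
            raise EntryError(f"unknown keyword {tokens[i]!r}")
        if key in entry:
            raise EntryError(f"{key} given more than once")
        entry[key] = value
    for required in ("US", "PW"):
        if required not in entry:
            raise EntryError(f"{required} is required")
    return {**DEFAULTS, **entry}


def build_usercode_file(lines):
    """Parse all records and enforce the PACK and SECURITY family restrictions."""
    entries, family = [], {}
    for number, line in enumerate(lines, 1):
        if not line.split("%", 1)[0].strip():
            continue                           # blank or comment-only record
        try:
            entry = parse_entry(line)
            shared = (entry["PACK"], entry["SECURITY"])
            if family.setdefault(entry["US"], shared) != shared:
                raise EntryError(f"family {entry['US']} must share pack and security")
            if len(entries) == MAX_ENTRIES:
                raise EntryError(f"more than {MAX_ENTRIES} entries")
        except EntryError as err:
            raise EntryError(f"record {number}: {err}") from None
        entries.append(entry)
    return entries


# Sample records, following the Examples in this section.
SAMPLE_RECORDS = [
    "US=NEWUS PW=NEWPW CHG=6666 PRI 4 PACK NEWPACK *PRIV",
    "CHG=1000 PRI=7 US=NEWUS1 PW=NEWPASS1",
    'US=NEWUS PW="" PACK=NEWPACK SL=1',
    "US USERCODE PW PASSWORD PUBLIC",
    "US NEW PW LIMIT MAXTIME = 4 % this is a comment",
    "US HN PW ANY HOST *ANY",
]

if __name__ == "__main__":
    for item in build_usercode_file(SAMPLE_RECORDS):
        print(item)
```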


LINE PRINTER OUTPUT

The line printer output from the list command is formatted as
follows:


[Sample listing: "SYSTEM/MAKEUSER" (COMPILE DATE/TIME = 17 NOV 1980),
SYSTEM USERCODE FILE AS OF RUN DATE MONDAY 02 DECEMBER 1980.
Columns: INDEX, USERCODE, PASSWORD, OVERRIDE, DEFAULT PACK,
CHARGE NUMBER, DEF MAX PRIORITY, SECURITY TYPE, SECURITY LEVEL,
*PRIVILEGED USER*, HOSTNAME, MAXTIME MINUTES.]

Notes:

OV:
    reports that the pack override bit, which is automatically
    set when the default pack is not on-line, has been set on.
    This bit can be reset by the ODT message: US <us>/<pw> RV.

INDEX:
    reports the actual number of the entry in the table of
    usercodes maintained by the program.

*SYS DISK*
    is defined as the <pack-id> for those entries created with
    the blank (default) pack specifications.

*PRIVILEGED USER*
    is output only for those entries which were created with the
    *PRIV option or changed to privileged with the CHANGE
    command.

*ANY
    this usercode/password is valid from any BNA host as well as
    from the local host.

*NONE
    this usercode/password is invalid from all BNA remote hosts.
    (It is still valid from the local host.)


PROGRAM EXECUTION 


The program can be executed from the operator display terminal
(ODT) or through the card reader. The required usercode/password
variables can come from cards or disk or be input individually
through the ACCEPT mechanism (see CONSOLE KEYBOARD EXECUTION).


CONSOLE KEYBOARD EXECUTION 


After SYSTEM/MAKEUSER is executed, the program generates an
ACCEPT message to show that the program is ready to accept input
commands. As commands and entries are entered the program
validates them. Illegal parameters are noted through error
messages that appear on the ODT, indicating that the input process
should be repeated. The normal process of ODT execution would
involve:

EX SYSTEM/MAKEUSER
SYSTEM/MAKEUSER = <job-number> ACCEPT.
<job-number>AX <command> <optional comment>

Comments may be added to command records; they must be preceded by
a percent sign "%".

CARD READER EXECUTION

The system usercode file can be created from a card deck
presented to the system in the following form:

?EX SYSTEM/MAKEUSER
?DATA NEW/USER.CODES
<usercode entries>
?END

The file will be automatically created, listed, and placed in the
appropriate name table slot.


AUTOMATIC FEATURES 


If a card file named "NEW/USER.CODES" is present at BOJ or after
execution of a create command, the program will automatically
create and list the usercode file. SYSTEM/MAKEUSER will then go
to EOJ. No operator intervention is required under these
circumstances.

If the program switches are set to "L" (EX SYSTEM/MAKEUSER
SWITCH = L), the program produces a listing of the existing
usercode file and then goes to EOJ. No operator intervention is
required. Note that "L" is a legitimate, non-zero value for a
B1800/B1700 program switch.

If the program switches are set to "P" (EX SYSTEM/MAKEUSER
SWITCH = P), the program produces a card deck of the existing
usercode file and then goes to EOJ. No operator intervention is
required. Note that "P" is a legitimate, nonzero value for a
B1800/B1700 program switch. In this way, all current ADDs,
CHANGEs and DELETEs are captured.


INFORMATIONAL MESSAGES

SYSTEM/MAKEUSER displays informational messages which are
self-explanatory on the host ODT when it arrives at BOJ, adds or
deletes usercodes, or lists or punches the (SYSTEM)/USERCODE
file, etc. The displays are for the user's information and
require no direct response.

PROGRAM TERMINATION

SYSTEM/MAKEUSER may be normally terminated by an END or EOJ
command. (See COMMAND section below.) The normal EOJ message
then appears on the SPO.

COMMANDS

The syntax, semantics, and examples of the actual ODT input
commands are contained in the following section. The minimum
abbreviations for the commands are indicated by the underscored
portion of each command, and the commands are presented in
alphabetical order.

The commands may be abbreviated with a minimum of three letters.
More than three letters, up to the full spelling, may also be
used if the spelling is correct. For example, PUNCH may be
abbreviated as PUN and as PUNC, but PUNH is a misspelling and
would be rejected as a valid command even though the first three
letters do supply the minimum abbreviation. Three-letter
commands must be entered in full.


COMMAND RESTRICTIONS 

It is strongly recommended that all usercode/password changes to
the (SYSTEM)/USERCODE file be made when no other jobs are running
and the usercode file is definitely not in use by any program
running under the file-security mechanism. Changes other than
CHANGE and DELETE may safely be made to the usercode file when
other jobs are in the mix. However, failure to observe this
warning may result in the loss of data.

CHANGE and DELETE should not be used while other programs are
running because these commands may cause a change to the index of
valid usercode/password combinations that the operating system
must have in order to open or to lock a disk file into the
directory. For this reason CREATE is not allowed when other
programs are in the mix. The operating system further needs the
index to correctly point to the usercode when it checks the
security of a read or a write on a file with a secure
multifile-id.

If a user knows for sure that the usercode file is not being
accessed by the operating system (e.g., there are no programs
which are running under a usercode or accessing secure files),
then file maintenance can safely be performed on the system
usercode file in the form of a CHANGE or DELETE. Further
discussion of the method of overriding these prohibitions are
contained in the separate discussions of CHANGE and DELETE.

ADD

Syntax:

ADD is followed by options in any order, each at most once. US
and PW must each appear once. An "=" may optionally follow a
keyword that takes a value.

    ADD   US        <name>
          PW        <name>
          PACK      <name>
          CHG       <integer>
          PRI       <integer>
          SL        <integer>
          *PRIV     or  *NONPRIV
          PUBLIC    or  PRIVATE
          MAXTIME   <integer>
          HOSTNAME  <identifier>  or  *ANY  or  *NONE

Semantics:

The ADD command allows the user to add entries to the
(SYSTEM)/USERCODE file. The keyword options and their associated
attributes are as follows:

Option      Attribute
US          Usercode
PW          Password
PACK        Pack specification
CHG         Charge number
PRI         Limiting user job priority
PUBLIC      Security
PRIVATE     Security
*PRIV       Privileged user
*NONPRIV    Nonprivileged user
SL          Security level
MAXTIME     Default maximum execution
HOSTNAME    BNA hostname

Note that the US and the PW options are required, while the rest
are optional. The password name or pack specifier may be the
null string which indicates a blank password or system disk.


Examples:

<job-number>AX ADD US=NEWUS PW NEWPW CHG 4444 PRI=5 PACK=MYPACK
<job-number>AX ADD US=NEWUS1 PW=NEWPW1 % SYSTEM DISK IS DEFAULT
<job-number>AX ADD US NEWUS2 PW="" PRI 7 PACK="" % SYSTEM DISK
<job-number>AX ADD US=USA PW PWB PUBLIC
<job-number>AX ADD US = USERCODE PW = BILL % DEFAULT IS PRIVATE
<job-number>AX ADD US=BERTHA PW=BIG *NONPRIV PRIVATE
<job-number>AX ADD US REMOTE PW BNA HOSTNAME *ANY % "*ANY" means all
                                                  % remote BNA hosts.
<job-number>AX ADD US REMOTE PW ANY HOSTNAME ANY % "ANY" is the actual
                                                 % name of the remote
                                                 % BNA host
<job-number>AX ADD US STUDENT PW 3 MAXTIME = 3 % maximum execution time
                                               % 3 minutes

CHANGE

Syntax:

CHANGE is followed by a usercode specifier, the literal TO, and
options in any order, each at most once. An "=" may optionally
follow a keyword that takes a value.

    CHANGE <usercode specifier> TO
          PW        <name>
          PACK      <name>
          CHG       <integer>
          PRI       <integer>
          SL        <integer>
          PUBLIC    or  PRIVATE
          *PRIV     or  *NONPRIV
          MAXTIME   <integer>
          HOSTNAME  <identifier>  or  *ANY  or  *NONE

Semantics:

The CHANGE command allows the user to change the attributes of an
entry or entries in the (SYSTEM)/USERCODE file. Only those
attributes indicated by the options shown above can be changed.

The keyword options and their associated attributes are as
follows:

Option      Attribute
PW          Password
PACK        Pack specification
CHG         Charge number
PRI         Limiting user job priority
PUBLIC      File accessing rights
PRIVATE     File accessing rights
*PRIV       Privileged user
*NONPRIV    Nonprivileged user
SL          Security level
MAXTIME     Default maximum execution
HOSTNAME    BNA hostname

The CHANGE command minimum abbreviation is CHA. The usercode
specifier, the literal TO, and one of the options are required.

Examples:

<job-number>AX CHANGE JOE/PASSWORD1 TO PW=NEWPASS CHG=5555 PRI=7
<job-number>AX CHA JOE/= TO CHG=3333 PRI=5 PACK=NEWPACK
<job-number>AX CHA JOE/NEWPASS TO CHG=44444
<job-number>AX CHA JOE/"" TO PRI=7 CHG=9999
<job-number>AX CHA USERCODE/= TO PUBLIC
<job-number>AX CHA BERTHA/= TO PRIVATE *PRIV
<job-number>AX CHANGE OLD/USER TO HOST=NEWHOST
<job-number>AX CHANGE STUDENT/1 TO MAXTIME=3 % execution time (minutes)
<job-number>AX CHANGE CLASS/= TO HOSTNAME *NONE % all usercodes in this
                                                % group are now denied
                                                % execution from all
                                                % remote BNA hosts.

WARNING: CHANGE should not be used while other programs are
         running.

CREATE

Syntax:

    CREATE   <input file name>   DISK

<input file name> and the keyword DISK are both optional.

Semantics:

The CREATE command allows the user to create a new
(SYSTEM)/USERCODE file. The user is allowed to specify the input
file name, which is assumed to be a card file unless the keyword
DISK is present in which case the specified disk is searched for
the file. If no options are present a card file named CARD is
assumed. The format of the input file records is specified in
the subsection USERCODE ATTRIBUTES.

Examples:

<job-number>AX CRE MYCARDS
<job-number>AX CRE MYDISK/CARDFILE DISK
<job-number>AX CREATE MYPACK/MYDISK/CARDFILE DISK
<job-number>AX CREATE ""  % CREATES DEFAULT USERCODE FILE

If users wish to create the usercode file through entries from
the ODT alone, the format CREATE "" can be used. CREATE ""
produces a default usercode file that contains one entry (a
privileged user). Further entries are then ADDed to the
(SYSTEM)/USERCODE file, one by one.

DEBUG

Syntax:

    DEBUG   ON  or  OFF

ON and OFF are both optional.

Semantics:

ON activates printing of debug output on the printer. OFF
disables the printing. The default of this command is DEBUG OFF,
and a DEBUG without parameters inverts the last value.

If neither ON or OFF is specified, the value of the DEBUG
attribute will be inverted (i.e., if it was OFF, it will be ON,
or vice versa). Duplicate entries will reset the option to the
same value (i.e., no change).

Example:

<job-number>AX DEBUG ON
<job-number>AX DEB

DELETE

Syntax:

    DELETE   <usercode specifier>

Semantics:

The DELETE command allows the user to delete existing entries in
the (SYSTEM)/USERCODE file. The "=" option of the usercode
specifier allows the deletion of a group of usercodes of the same
name, and the null string indicates a password of blanks.

Examples:

<job-number>AX DELETE USER1/PASS1
<job-number>AX DEL USER2/=
<job-number>AX DELE USER3/PASS3
<job-number>AX DEL USER4/""

WARNING: DELETE should not be used while other programs are
         running.

DISPLAY

Syntax:

    DISPLAY   <us specifier>
              SORTED
              *PRIV     or  *NONPRIV
              HOSTNAME  <identifier>  or  *ANY  or  *NONE

All options may be omitted. An "=" may optionally follow
HOSTNAME.

The DISPLAY command allows the user to display the existing
(SYSTEM)/USERCODE file on the ODT (or Remote ODT if program
Switch 0 = 10). The default, no options set, is to display the
entire file. If a usercode specifier is present only that
usercode or usercodes are displayed. The *PRIV option allows the
displaying of only privileged usercodes.

<job-number>AX DISPLAY HARRY/= *NONPRIV % Display on ODT those usercode/
                                        % password pairs of HARRY which
                                        % are nonprivileged.

<job-number>AX DISPLAY *PRIV HOST *ANY  % Display only those entries
                                        % which are privileged and
                                        % which are valid from any
                                        % remote host.

<job-number>AX DISPLAY % This will display the entire usercode file.
                       % If it is desired to interrupt this (or any
                       % display) before its normal completion then
                       % merely enter the next command.

END

Syntax:

    END

Semantics:

The END command allows the user to terminate the program.

Examples:

<job-number>AX END % THIS IS THE SAME AS "EOJ"

EOJ

Syntax:

    EOJ

Semantics:

The EOJ command allows the user to terminate the program. (See
also END.)

Examples:

<job-number>AX EOJ % ALTERNATIVE TO "END"


BURROUGHS CORPORATION
COMPUTER SYSTEMS GROUP
SANTA BARBARA PLANT

COMPANY CONFIDENTIAL
B1800/B1700 FILE SECURITY
P.S. 2219 0102 (G)
LIST

Syntax:

>-- LIST ---------------------------------------------------------->
           |                                  |
           |---- <usercode specifier> ------->|
           |                                  |
           |---- SORTED ----------------------|

>------------------------------------------------------------------>#
   |              |   |                                          |
   |-- *PRIV -----|   |-- HOSTNAME ---------- <identifier> ------|
   |              |                    |                         |
   |-- *NONPRIV --|                    |------ *ANY -------------|
                                       |                         |
                                       |------ *NONE ------------|

Semantics:

The LIST command allows the user to list the existing
(SYSTEM)/USERCODE file on the line printer. The default, no
options set, is to list the entire file. If a usercode specifier
is present only that usercode or usercodes are listed. The *PRIV
option allows the listing of only privileged usercodes.


Examples:

<job-number>AX LIST
<job-number>AX LIST JOE/JOESPASS
<job-number>AX LIS JOE/=
<job-number>AX LIS JOE/""
<job-number>AX LIS *PRIV

<job-number>AX LIST HOSTNAME HUB      % Lists only entries which are
                                      % valid from the remote host
                                      % called "HUB".

<job-number>AX LIST REX/= HOST SA1    % List only those entries of REX
                                      % which are valid from the remote
                                      % host "SA1".

<job-number>AX LIST HOSTNAME *NONE    % List only those entries for
                                      % which all remote access is
                                      % invalid.

<job-number>AX LIST *NONPRIV HOSTNAME USER3   % List only those entries
                                              % which are NON PRIVILEGED
                                              % and which are valid for
                                              % remote BNA host "USER3".
PUNCH

Syntax:

>-- PUNCH --------------------------------------------------------->#
            |                                    |
            |------ <usercode specifier> ------->|

Semantics:

A copy of the current usercode file, including all additions,
changes or deletions since the last creation, will be punched and
interpreted in a format suitable for an automatic CREATE. It is
labelled "NEW/USER.CODES". (See PROGRAM EXECUTION.)

If a usercode specifier is present, only that usercode or family
of usercodes are punched. The *PRIV option allows the punching
of only privileged usercodes.

Examples:

<job-number>AX PUNCH
<job-number>AX PUNC JOE/JOESPASS
<job-number>AX PUN JOE/=
<job-number>AX PUN JOE/""
<job-number>AX PUN *PRIV
OUTPUT ODT ERROR MESSAGES

When an error is discovered on an input record or in an ACCEPT
message, the following diagnostic error messages will be
displayed on the ODT:

"UNKNOWN COMMAND "<command>", TRY ONE OF "CHANGE, ADD, DELETE,
CREATE, LIST, DEBUG, PUNCH, COPY, END, OR EOJ.""

"COMMANDS MUST BE FROM 3 TO 6 CHARACTERS IN LENGTH."

"UNRECOGNIZED COMMAND/KEYWORD" <input command> "OR TOO MANY
PARAMETERS FOR THIS COMMAND."

"PARAMETER REQUIRED AND NOT FOUND FOLLOWING <input parameter>."

"REQUIRED PARAMETERS WERE OMITTED FOR THIS COMMAND."

"NUMBER FIELD FOR "CHARGE NUMBER" [or "PRIORITY"] TOO LARGE."

""(SYSTEM)/USERCODE" FILE NOT ON DISK, COMMAND IGNORED."

""(SYSTEM)/USERCODE" FILE LOCKED, COMMAND IGNORED."

"MAXIMUM FILE SIZE OF 1024 ENTRIES EXCEEDED, COMMAND TERMINATED."

"INVALID USERCODE "<usercode>" ENTRY DISCARDED."

"DIFFERENT PACK NAME FOR SAME USERCODE"
<usercode> "ENTRY DISCARDED."

"FILE NAME MUST BE SPECIFIED WITH "DISK" OPTION, COMMAND IGNORED."

"PACK NAME IS INVALID FOR CARD FILES, COMMAND IGNORED."

"INPUT FILE SPECIFIED IS NOT ON DISK, COMMAND IGNORED."

"NO USERCODE FILE PRESENT, COMMAND IGNORED."

"SPECIFIED ENTRY DOES NOT EXIST, COMMAND IGNORED."

"NUMERIC FIELD CONTAINS NON-NUMERIC CHARACTERS."

"INVALID DELIMITER "<delimiter>", COMMAND IGNORED."

"CHANGE TO PACKNAME REQUIRES "<usercode>/="."

""<usercode>/<password>" ALREADY EXISTS."

"CANNOT CREATE USERCODE FILE WITH NO ENTRIES. USE CREATE "*" FOR
DEFAULT."

"SECURITY MISMATCH - MIXED ""PRIVATE"" AND ""PUBLIC"" NOT ALLOWED."

"CHANGE TO SECURITY REQUIRES ""<usercode>/=""."

"CANNOT CHANGE ALL PASSWORDS."

"CANNOT SPECIFY BOTH PUBLIC AND PRIVATE."

"CANNOT SPECIFY BOTH *PRIV AND *NONPRIV."

"REMOTE EXECUTION DENIED."

"ILLEGAL USERCODE."
CREATING SECURE FILES

BATCH MODE

Once the system's usercode file has been established, secure
files can be created by programs executed under a valid
usercode/password, e.g.,

    ? US PAYROLL/ACCT EX X

When the MCP executes program X, it associates a usercode with
any files created by the program. This association is called job
spawning. Control commands that are zipped by programs or
submitted through the card reader must also be prefixed by a
usercode/password pair if they access secure files.

If program X creates a new file labeled CHECKS, the MCP will lock
into the disk directory a file labeled (PAYROLL)/CHECKS. This
file is a secure file and can only be accessed by programs run
under the usercode PAYROLL or a privileged usercode. To do
library maintenance on this file, one has to precede the ODT
commands with the usercode and password. Thus, the following
messages are valid:

    USER PAYROLL/ACCT RE CHECKS
    USER PAYROLL/ACCT CH CHECKS TO PC
    USER PAYROLL/ACCT COPY =/= TO PAYROLL

The following ODT commands are not valid:

    RE CHECKS             % There will be no such file.

    RE (PAYROLL)/CHECKS   % The MCP will not permit this command
                          % since a person is attempting to remove
                          % a secure file.

    PD CHECKS             % The MCP will say, NO FILE CHECKS.


If program Y, executed under a different usercode or no usercode,
attempts to access the file (PAYROLL)/CHECKS, the MCP will
disallow it.

In some instances it may be desirable to create secure files that
can be accessed by all usercodes (privileged and nonprivileged).
This can be done by designating those files to be PUBLIC. In the
example shown above, by default, the file (PAYROLL)/CHECKS was
made PRIVATE and consequently no other non-privileged user could
access it. However, if (PAYROLL)/CHECKS were a PUBLIC file then
program Y (executed with a different usercode - say FINANCE/VP)
could access this file by stating that the label of the file is
"(PAYROLL)"/"CHECKS". If Y is a COBOL program, then it does this
in the FD section by saying:

    VA OF ID IS "(PAYROLL)"/"CHECKS"

When Y attempts to open this file as input or input/output (i.e.,
existence of this file is assumed), the MCP does a search for
file "(PAYROLL)"/"CHECKS" and checks to see if the file is
PUBLIC. If it is, then the MCP allows access. The program can
read this file; it can write into it (if opened input/output)
and then close it. As a "public" file, (PAYROLL)/CHECKS could
contain updates made by program Y.


PUBLIC FILES 


There are three ways of designating a file to be a public file.
They are:

1. By doing a file equate, e.g.,

       US PAYROLL/ACCT EX X FI CHECKS SECURITYTYPE PUBLIC

   The above example assumes that the internal name of the file
   is CHECKS. The key words SECURITYTYPE and PUBLIC indicate to
   the MCP that the file is being made PUBLIC.

   Public files can be made private by the same process if one
   replaces PUBLIC by PRIVATE. This, however, is usually
   unnecessary since the default is PRIVATE when a program is
   running under a usercode.

2. After a file has been created and locked into the disk
   directory, the file may be made PUBLIC by modifying the header,
   e.g.,

       US PAYROLL/ACCT MH CHECKS SEC PUBLIC

3. SYSTEM/MAKEUSER has an option whereby all files created by a
   specific usercode can be made PUBLIC. When creating the
   (SYSTEM)/USERCODE file (i.e., the file that contains the
   usercode/password pairs), the keyword PUBLIC can be
   associated with any usercode/password pair. This tells the MCP
   that every new file created with this usercode/password will
   be made PUBLIC.

Currently, there are no constructs in any programming language to
make files PUBLIC or PRIVATE.


CONTROL OF I/O

If a file has been designated to be PUBLIC then the creator of
the file has the option of controlling the type of I/O that
another user can perform, i.e., input, output, I/O. Thus, if
(PAYROLL)/CHECKS is a PUBLIC read-only file, then the program Y
running under the usercode/password pair FINANCE/VP can read this
file but cannot write into it.
READ-ONLY FILES

There are two ways of creating read-only files. They are:

1. By file equation:

       US PAYROLL/ACCT EX X FI CHECKS SECURITYTYPE PUBLIC
                                      SECURITYUSE  INPUT
                                                   OUTPUT
                                                   I.O

   The keywords SEC and SUS can be substituted for SECURITYTYPE
   and SECURITYUSE, respectively. The options INPUT, OUTPUT,
   and I.O indicate whether the file is read only, write only,
   or for read/write.

2. By modification of the file header:

       US PAYROLL/ACCT MH CHECKS SEC PUBLIC SUS INPUT
                                                OUTPUT
                                                I.O

CONVERSION TO SECURE FILES 
In converting non-secure files to secure files, the most direct
method is to use a system utility program to copy input files to
the proper pack under the secure multifile-id. If users wish to
make the conversion programmatically, they must take the
following points into account:

    a. Security designation
    b. Location of the input file
    c. Location of the output file
    d. Filename

The first consideration is that of the security designation given
the usercode/password pair under which the program is run. If
the pair is privileged, it can read and write files with any
valid multifile-ids, secure or non-secure. If, for example,
PROGRAM/X is executed under the privileged usercode/password of
PAYROLL/ACCTS, it may access a file called OLD/INFO and make a
new output disk file called (NEW)/INFO (if a usercode/password
combination for (NEW)/ANYNAME has been declared), produce a new
output file called (PAYROLL)/INFO that is located on the disk
pack that is specified in the usercode file, or create a new file
called NEW/INFO. Privileged usercode/passwords have those
options open to them.

The location of the input file, which is non-secure, is
determined by the file identifier, whatever it happens to be. The
location of the output file is determined by the usercode if it
is a secure file, by the full file identifier if it is a
non-secure file. A secure file may be created on system disk
either by using a usercode/password with no default pack-id or by
telling the MCP not to change the file name with an asterisk (*)
as the first character of the multifile-id. This convention is
explained more fully in DEFAULT IDENTIFIERS.

The filename is restricted only if a secure file is being
created. Since the multifile-id is being supplied by the
operating system, a new secure file cannot have a declared name
with both a multifile-id and a filename. Furthermore, no programs
running under a usercode may create a new system file, i.e., a
file with a single filename located on system disk.

When the usercode is non-privileged, the following conditions
would be in effect, where the same four points are concerned:

The non-privileged user may access a non-secure file with a
multifile-id which is not its own but cannot create a file with
any other multifile-id than its own. Thus, PROGRAM/X may read
OLD/INFO but cannot create (NEW)/INFO or NEW/INFO.

The location of the input file is the same as specified above for
non-secure files. The output file is located in only one of
three places: on the system disk, on a specified pack, or on the
usercode's default pack. If the file naming convention is
overridden by the asterisk convention, the file will be located on
system disk, otherwise it will be created on the user's pack.

Non-privileged users are restricted to creating output files with
a multifile-id that is their usercode and a filename that is
assigned by them. Any attempt to circumvent this restriction is
prohibited by the operating system. Furthermore, if a user
program running under a non-privileged usercode/password
combination declares a file with a multifile-id and a file-id, the
file is not created. The only control exercised over file
identifiers is in the filename. The operating system supplies the
pack-id and the multifile-id; consequently, non-privileged users
must not attempt to write and close files with file identifiers
other than that of their default pack, their own multifile-ids,
and a file-id. The pack-id and the multifile-id would
automatically be supplied by information from the system usercode
file, but the duplication of effort, then, would be allowed for
program documentation.


DEFAULT IDENTIFIERS

When a file is being closed with lock, the operating system
automatically associates the usercode of any usercode/password
pair with any new filename and locks that file on the pack
specified as the default pack for that usercode/password pair, if
no instructions are presented which override the convention.

Both non-privileged and privileged users are allowed to override
the default naming convention through the asterisk-convention
(*). An asterisk that precedes a multifile-id instructs the
operating system not to change the filename as it appears. For
non-privileged users (who cannot lock a new file without their
own usercode as the multifile-id), this means that the file is
saved on system disk or a specified user pack. For privileged
users (who can lock a new file with any name that does not
violate security naming conventions), this means that the file
can be saved on system disk, a specified user pack, and/or with a
multifile-id of their choice. The asterisk, then, is used to
override default pack names and multifile-ids, within the
restrictions allowed for privileged and non-privileged users.

To override the default pack name in the usercode entry, users
must specify a pack name, as in the following example:

    I-O-CONTROL.
        MULTIPLE FILE DISKPACK "P" CONTAINS CHECKS

    FILE SECTION
    FD  CHECKS
        VA OF ID IS "CHECKS"      % This is equivalent to
                                  % VA OF ID IS "P"/"CHECKS"/

The COBOL statement above will cause the MCP to create a file
named P/(PAYROLL)/CHECKS, irrespective of the default pack id.

If in the above example there was a default pack "DP" associated
with the usercode in (SYSTEM)/USERCODE and the COBOL program did
not have a pack defined (i.e., no MULTIPLE FILE statement) then
the file would have gone to the pack DP and its name would be
DP/(PAYROLL)/CHECKS. If a default pack is defined and if the
user wants to look for or create a file on system disk then the
asterisk convention is required. Thus, the following statement:

    VA OF ID IS "*(PAYROLL)"/"CHECKS"

will cause the MCP to look for a file on system disk with name
(PAYROLL)/CHECKS. The "*" is therefore a way of overriding the
default pack designation and/or default multifile-id designation.
SECURITY LEVELS

The Security Level usercode attribute defines the multi-file-id's
that the usercode may access. The valid values are 0, 1, and 2.
A value of 0 allows any value for the multi-file-id. A value of
1 allows the multi-file-id to be set to any usercode (for
example, "(PAYROLL)"). A value of 2 allows the multi-file-id of a
file being accessed only to be the same as the usercode supplied
with the input command or the same that the job is running under.

These rules are relaxed slightly if the command entered is one
that executes or compiles a program. A usercode with a non-zero
security level can "EX CEMPALL" or "COMPILE PROG WITH COBOL TO
LI". However, a usercode with a security level of 2 cannot "EX
(USERB)/PROGI" unless the usercode identifier in the US command

All of the security checking and enforcement that is based on the
security level attribute is in addition to other security
checking.
ACCESS: PRIV VS. NON-PRIV

Usercodes which are designated as privileged are allowed to
access or create secure files with multifile-ids other than their
own and this constitutes the major difference between these
two types of usercodes. Tables 3.1 and 3.2 show how the
privilege option affects four different files involving the two
types of usercodes.

    Usercode      | PRIV | Filename            | Access
    --------------+------+---------------------+---------
    1. (PAYROLL)  | YES  | <dp>/(PAYROLL)/A    | Allowed
    2. (PAYROLL)  | YES  | <dp>/(USERA)/A      | Allowed
    3. (PAYROLL)  | YES  | *(A)/B              | Allowed
    4. (PAYROLL)  | YES  | <pack-id>/A/B       | Allowed
    --------------+------+---------------------+---------
    1. (USERA)    | NO   | <dp>/(USERA)/A      | Allowed
    2. (USERA)    | NO   | <dp>/(PAYROLL)/A    | Denied
    3. (USERA)    | NO   | *(A)/B              | Denied
    4. (USERA)    | NO   | <pack-id>/A/B       | Allowed

Table 3.1 Comparative Access Privileges

Table 3.1 presumes the following conventions:

<dp>  names the default pack associated with the usercode in the
      system usercode file. To override this convention, the
      user would have to precede the filename with an asterisk
      and specify a pack name, if the file did not reside on
      system disk. If the asterisk is specified, the MCP looks
      for the file, by default, on the system disk.

*     used to override the default pack-id and/or multifile-id
      designation. If the file is not a secure file, as in the
      last instance for both usercodes, the pack name must be
      specified when accessing a file that exists on a user pack.

In the first instance, both usercodes are allowed to access files
under their own multifile-ids. Where the privileged user is
allowed to access files under another's multifile-id (2), the
non-privileged user is not. The non-privileged user is also
denied access to secure files on system disk, as indicated by the
*<multifile-id>/<file-id> in case three. The last instance shows
that both the privileged and non-privileged user can get any
non-secure file. Note that the pack identification must be
specified in this instance because there is no default pack
designation for files that do not have a usercode. Privileged
usercodes also have the option of creating new output files with
pack-ids and multifile-ids which are not their own, as shown in
Table 3.2.

LOCK: PRIV VS. NON-PRIV

    Usercode      | PRIV | Filename Created    | Approval
    --------------+------+---------------------+---------
    1. (PAYROLL)  | YES  | <dp>/(PAYROLL)/A    | Allowed
    2. (PAYROLL)  | YES  | <dp>/(USERA)/A      | Allowed
    3. (PAYROLL)  | YES  | *(A)/B              | Allowed
    4. (PAYROLL)  | YES  | <pack-id>/A/B       | Allowed
    --------------+------+---------------------+---------
    1. (USERA)    | NO   | <dp>/(USERA)/A      | Allowed
    2. (USERA)    | NO   | <dp>/(PAYROLL)/A    | Denied
    3. (USERA)    | NO   | *(A)/B              | Denied
    4. (USERA)    | NO   | <pack-id>/A/B       | Denied

Table 3.2 Comparative File Creation

The conventions that existed for Table 3.1 also exist for this
table. Notice that the non-privileged user is not allowed to
lock a non-secure file into the disk directory.


APPENDED USERCODES 


If a program running under a usercode ZIPs a control statement,
the usercode of the zipping program is automatically appended to
the control string. Thus, ZIP "RE (INVEN)/A" will be interpreted
as USER PAYROLL/ACCT RE (INVEN)/A and will be disallowed unless
PAYROLL is privileged. If the zipping program inserts a USER
string in the zipped command then this usercode becomes effective
and not the usercode of the zipping program. Thus, ZIP USER
INVEN/TORY RE (INVEN)/A will remove the file. This may lead one
to conclude that one user program can remove the files of
another, but this is possible only if the password of the other
user is known by the first.
PREFIXED ODT COMMANDS

Usercode/password must be prefixed to an ODT control command if
the command results in modification or removal of a secure file.

The following ODT commands are affected by this rule:

    CH, CO, EX, MH, MO, OF, RB, RE, RF.

Examples:

    EX (INVEN)/A                       % Invalid command
    CH (INVEN)/A TO X                  % Invalid command
    USER INVEN/TORY CH A TO *X         % Invalid command
    USER INVEN/TORY EX (INVEN)/A       % Valid command
    USER INVEN/TORY EX A               % Valid command
    USER INVEN/TORY CH A TO X          % Valid command
    USER FL/ZAPPO CH (INVEN)/A TO *X   % Valid command if
                                       % FL/ZAPPO is a
                                       % privileged user.

The commands KA and KP can be applied to any file, e.g.,

    KA (INVEN)/A     % is OK
    KP (INVEN)/A     % is OK
    KA (INVEN)/=     % is OK

It is not necessary for a PD to be preceded by a usercode so:

                                   / USER INVEN/TORY PD A
    PD (INVEN)/A is the same as   <     or
                                   \ US INVEN PD A
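
The prefix rule above, together with the ZIP behaviour described under APPENDED USERCODES, can be modelled as a small policy check; the Python below is an added example, not MCP code, and it reproduces the verdicts of the example commands listed above. Assumptions: the `USERCODES` table and its privileged flags are constructed sample values, every secure file is PRIVATE, and the new name in a CH is judged like a file creation (Table 3.2).

```python
# Added model of the ODT prefix rule; not Burroughs MCP code.
PREFIXED = {"CH", "CO", "EX", "MH", "MO", "OF", "RB", "RE", "RF"}
UNRESTRICTED = {"KA", "KP", "PD"}

# Constructed stand-in for (SYSTEM)/USERCODE: usercode -> (password, privileged).
# The privileged flags are sample values chosen for this example.
USERCODES = {
    "INVEN": ("TORY", False),
    "PAYROLL": ("ACCT", False),
    "FL": ("ZAPPO", True),
}


def owner_of(name, usercode):
    """Return the usercode that owns `name`, or None for a non-secure name."""
    literal = name.startswith("*")       # asterisk: MCP must not change the name
    parts = name.lstrip("*").split("/")
    first = parts[0]
    if len(first) > 2 and first[0] == "(" and first[-1] == ")":
        return first[1:-1]               # explicit secure multifile-id
    if len(parts) == 1 and usercode and not literal:
        return usercode                  # MCP supplies the usercode as multifile-id
    return None


def split_prefix(tokens):
    """Split off a leading USER/US <usercode>/<password> pair, if present."""
    if len(tokens) >= 2 and tokens[0] in ("USER", "US"):
        usercode, _, password = tokens[1].partition("/")
        return (usercode, password), tokens[2:]
    return None, tokens


def check_command(line, zipping_usercode=None):
    """Return True when the model accepts the control command `line`.

    `zipping_usercode` is the usercode of a program that ZIPs the command;
    leave it as None for a command typed at the ODT.
    """
    prefix, rest = split_prefix(line.split())
    if prefix is not None:
        usercode, password = prefix
        entry = USERCODES.get(usercode)
        if entry is None or entry[0] != password:
            return False                 # unknown usercode or wrong password
    else:
        usercode = zipping_usercode      # appended automatically on a ZIP
    privileged = usercode is not None and USERCODES[usercode][1]

    if not rest:
        return False
    verb, operands = rest[0], rest[1:]
    if verb in UNRESTRICTED:
        return True
    if verb not in PREFIXED or not operands:
        raise ValueError("command not covered by this model: " + line)

    # Existing file named by the first operand.
    source_owner = owner_of(operands[0], usercode)
    if source_owner is not None and source_owner != usercode and not privileged:
        return False

    # CH <old> TO <new>: the new name is checked like a file creation.
    if verb == "CH" and "TO" in operands:
        target = operands[operands.index("TO") + 1]
        target_owner = owner_of(target, usercode)
        if usercode is None:
            return target_owner is None
        if not privileged and target_owner != usercode:
            return False
    return True
```

Marking FL as non-privileged in `USERCODES` turns the last example command into a rejected one, which is the condition the page attaches to it.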


USERCODE BACKUP FILES 


Backup files created by programs run under a usercode have a
naming convention that is different from the current naming
convention. Backup files created under usercode PAYROLL have the
following names:

    <default pack for PAYROLL>/(PAYROLL)/#<integer>   % printer
  or
    <default pack for PAYROLL>/(PAYROLL)/%<integer>   % punch

To print, remove, or display secure backup files, the PB, RB, and
BF commands must be preceded by the appropriate usercode and
password, e.g.,

    USER PAYROLL/ACCT PB 3     % will print <def pack>/(PAYROLL)/#3

    USER PAYROLL/ACCT RB =/=   % will remove all backup files for
                               % this usercode




REMOTE MODE

Prior to the VI.1 release of the MCP and SYSTEM/MAKEUSER, remote
applications programs ordinarily required remote users to
identify themselves through a usercode and password before they
were allowed access to the system. This was true for MCS-type
programs such as CANDE which handled individual remote stations
as well as for RJE/CONTROLLER which allowed a remote computer to
function as a remote terminal in the HOST/RJE system.
Furthermore, under that system, jobs in those configurations were
controlled through a job-spawning process that attached a
usercode and unique session number to the batch jobs executed and
compiled (i.e., spawned) from the remote terminal.

The present security system is an extension of that design. When
a remote-applications program is running under a secure usercode,
users must sign on, as before, through usercodes and passwords.
The new security system, however, allows only those usercodes and
passwords that are currently contained in the (SYSTEM)/USERCODE
file to have access to the system through a remote program. This
means that unless remote users have been authorized entry to the
system through previously validated usercodes and passwords, they
cannot sign on or log on.

Furthermore, any jobs spawned from a remote terminal or computer
will be checked for security violations according to the same
standards that have been discussed previously in the BATCH MODE
subsection of this document. For example, a remote user who
attempts to access the secure file of another user and is not
privileged to do so will be denied access to that file. The job
is either not scheduled or DS-ed, depending upon the state at
which the security violation occurs. The security designations
for any file which an individual user creates will be determined
by the security designation given in the usercode/password entry
in the (SYSTEM)/USERCODE file, unless specifically overridden.

It should be stressed at this point that both secure and
non-secure operations can occur on the same system at the same
time. This means that a secure remote-applications operation can
be run in the same mix of jobs that allows non-secure batch
processing to take place. However, the same remote-applications
job cannot allow both secure and non-secure activities to take
place during a single session. A mixture of secure and non-secure
jobs are allowed on the same system because the security system
is independent of the datacomm operations. It is maintained by
the operating system through the (SYSTEM)/USERCODE file.


LOG-ON/SIGN-ON

Logon and sign-on procedures involve the same processes that
have been established in recent releases, i.e., through a
usercode and a password. Under file security, however, users who
have not established valid usercodes in the (SYSTEM)/USERCODE
file are denied access to the system. This procedure is true for
CANDE and HOST/RJE as well as any MCS-type program running under
a secure usercode. The Supervisory Message Control System (SMCS)
is a special case, since it ordinarily does not run under a
secure usercode yet supports security checking for those programs
which require it to do so.


JOB SPAWNING

Spawned jobs are handled in the same way that batch jobs
involving secure files are treated, i.e., access to secure files
and closing a disk file with lock are checked for security
violations. If a violation is found, the job is either DS-ed or
not scheduled. Non-privileged CANDE users, for example, cannot
GET (access) a private file under another secure usercode. If
they attempt to execute or compile a program with the private
file that belongs to another user, the execution or compilation
is not scheduled.


FILE HANDLING 


All files are saved, by default, as private or public files,
according to the user's default protection as specified in the
(SYSTEM)/USERCODE file. Usercode/password combinations may have
a default pack associated with them. If a pack has been defined
for a particular usercode, all files are read from or written on
the specified pack unless the default is overridden through the
asterisk-convention, or explicitly through a pack name.


SYSTEM DISPLAYS 


Job security inhibits certain MCP displays so that the response
is given only for an individual's session. For example,

    ?WY -- gives the status of that user's job(s) only.

    ?MX -- reports on active jobs for that user only.

    ?RE -- removes only the files of the particular, active user.

    ?MC -- modifies only the files of the particular, active user.

BACKUP FILES

Backup files created by programs running under secure usercodes,
both batch and remote, are controlled by the default designations
of the usercode under which the job is being run. Consequently,
the file is locked into the disk directory of the default pack,
assigned the multifile-id of the usercode under which the job was
executed or compiled, and given a number by the MCP, unless the
default is overridden. Printer backup files which have been
created by jobs running under a usercode are locked in the disk
directory as <default pack>/(usercode)/#<number>.
DISK PACK DEFAULTS

Since the MCP will force files to a default pack associated with
the usercode/password, syntax has been implemented to allow
remote users to access or save files on a disk pack other than
that defined in the (SYSTEM)/USERCODE file. A remote
applications program, running under a privileged usercode, allows
users to access files according to the following table:

    ENTER          PACK.ID            FAMILY.ID    FILE.ID
    A              <default pack>     (UC)         A
    A/B            <default pack>     A            B
    A/B ON C       C                  A            B
    (UC)/A         <default pack>     (UC)         A
    (UC)/A ON C    C                  (UC)         A
    *(UC)/A        **SYSTEM DISK**    (UC)         A
    *A             **SYSTEM DISK**                 A
    *A ON C        C                               A

The number of characters in a multifile-id, including the
asterisk and the parentheses, may not exceed 10 characters. The
identifiers *(ABCDEFG) and ABCDEFGHIJ are valid while
*(ABCDEFGH), for example, is not.

Since remote users are usually required to sign on to
applications programs through usercode/password combinations, all
files saved (locked on disk) contain their usercode as the
multifile-id. To access another user's file, that file must be
changed from private to public by the owner or be accessed by a
privileged usercode. When saving a file, it cannot be saved
under someone else's usercode. Thus, a user signed on as UC/PW
cannot save a file with the command SAVE AS *(ANOTHER)/A; the
command SAVE AS *A saves a file as (UC)/A on system disk. A
command such as SAVE AS A will put the file on disk as <default
pack>/(UC)/A.
DEFINITIONS AND TABLES

FILE SECURITY IMPLEMENTATION

Two fields were added to the disk file header to support file
security.

Upon locking a new disk file into the directory the MCP will set
DFH.PROTECTION.IO to FPB.PROTECTION.IO then look at
FPB.PROTECTION. If it is zero (default), then DFH.PROTECTION is
set to PUBLIC if the MULTI.FILE-ID does not contain a USERCODE.
However, if the MULTI.FILE-ID does contain a USERCODE,
FPB.PROTECTION will be set to the security attribute of the
usercode, i.e., PUBLIC or PRIVATE. If FPB.PROTECTION is not equal
to zero, DFH.PROTECTION is set to FPB.PROTECTION less one.

    DFH.PROTECTION        BIT (2)
        0 - PUBLIC
        1 - PRIVATE
        2 - GUARD (not implemented)

    DFH.PROTECTION.IO     BIT (2)
        0 - INPUT OUTPUT
        1 - INPUT ONLY
        2 - OUTPUT ONLY

One ODT command was implemented to change these fields.

    MH <file-identifier> SEC PUBLIC
                             PRIVATE
                         SUS INPUT
                             OUTPUT
                             I.O

Two fields were added to the FPB. These are used to set the
fields in the disk file header.

    FPB.PROTECTION        BIT (2)
        0 - DEFAULT
        1 - PUBLIC
        2 - PRIVATE
        3 - GUARD (not implemented)

    FPB.PROTECTION.IO     BIT (2)
        0 - INPUT OUTPUT
        1 - INPUT ONLY
        2 - OUTPUT ONLY

Two file attributes can set these FPB fields.

    SEC or          DEFAULT        SUS or          I.O
    SECURITYTYPE    PUBLIC         SECURITYUSE     INPUT
                    PRIVATE                        OUTPUT
                    GUARD
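
The lock-time rule and the field encodings above, combined with the CONTROL OF I/O rule for PUBLIC files, are modelled in the following Python; it is an added example, not MCP code. Assumptions: FPB.PROTECTION codes 0 to 3 are taken as DEFAULT, PUBLIC, PRIVATE, GUARD (what the "less one" rule implies), the I/O limit is applied to every usercode other than the owner, and GUARD is treated like PRIVATE on open.

```python
from dataclasses import dataclass
from enum import IntEnum


class Fpb(IntEnum):            # FPB.PROTECTION, BIT(2)
    DEFAULT = 0
    PUBLIC = 1
    PRIVATE = 2
    GUARD = 3                  # documented as not implemented


class Dfh(IntEnum):            # DFH.PROTECTION, BIT(2)
    PUBLIC = 0
    PRIVATE = 1
    GUARD = 2                  # documented as not implemented


class ProtectionIO(IntEnum):   # FPB.PROTECTION.IO and DFH.PROTECTION.IO
    INPUT_OUTPUT = 0
    INPUT_ONLY = 1
    OUTPUT_ONLY = 2


@dataclass(frozen=True)
class Header:
    multifile_id: str
    protection: Dfh
    protection_io: ProtectionIO


def usercode_in(multifile_id):
    """Return the usercode of a secure multifile-id like "(PAYROLL)", else None."""
    if len(multifile_id) > 2 and multifile_id[0] == "(" and multifile_id[-1] == ")":
        return multifile_id[1:-1]
    return None


def lock_new_file(multifile_id, fpb_protection, fpb_protection_io, usercode_defaults):
    """Derive the two DFH fields when a new file is locked into the directory.

    usercode_defaults maps usercode -> Dfh.PUBLIC or Dfh.PRIVATE, standing in
    for the security attribute kept in (SYSTEM)/USERCODE (constructed data).
    """
    fpb = Fpb(fpb_protection)
    if fpb is Fpb.DEFAULT:
        owner = usercode_in(multifile_id)
        protection = Dfh.PUBLIC if owner is None else usercode_defaults[owner]
    else:
        protection = Dfh(fpb - 1)          # "FPB.PROTECTION less one"
    return Header(multifile_id, protection, ProtectionIO(fpb_protection_io))


ALLOWED_MODES = {
    ProtectionIO.INPUT_OUTPUT: {"INPUT", "OUTPUT", "I-O"},
    ProtectionIO.INPUT_ONLY: {"INPUT"},
    ProtectionIO.OUTPUT_ONLY: {"OUTPUT"},
}


def may_open(header, running_usercode, privileged, mode):
    """Decide an OPEN of an existing file; mode is "INPUT", "OUTPUT" or "I-O"."""
    owner = usercode_in(header.multifile_id)
    if owner is None or owner == running_usercode:
        return True                        # non-secure file, or the owner itself
    if header.protection is not Dfh.PUBLIC:
        return privileged                  # PRIVATE (GUARD treated alike: assumption)
    # PUBLIC file opened by another usercode: the creator's I/O limit applies.
    return mode in ALLOWED_MODES[header.protection_io]
```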


ACCESS/OPEN TABLE 


Table 4.1, Security Truth Table, outlines the steps taken by the
MCP in determining whether programs running with a non-privileged
usercode may or may not access or create a disk file.
[Table 4.1 Security Truth Table (Non-privileged users). The table
body is not recoverable; surviving labels: JOB RUNNING WITHOUT A
USERCODE, NEW FILE, OLD FILE, OPEN.]


which the program is runninc. 


Ze set the MULTI. FILE. ID with the i under 


is runninge 
2. Altow OPEN to proceed. 


under which the program is runninge 


Set PACK.ID from the USERCOLE table using the USERCODE under 


which the program 


Set the PACK.ID from the USERCODE table using the USERCODE 


22 Set the MULTI.FILE.-IO with the USERCCDE under which the 


program is running. 

3e Search the directory. 

&. «6 fF dh6uthe file is present allon eT OPEN to 
5S. Clear the PACK-ID and the ‘WULTI- FILE .ID. 
be Proceed to. ave Co - 4 ; 


proceed. 

C. 1. Search the directory.
   2. If the file is not present hang the program NO FILE.
   3. Proceed to Step R.

D. 1. If the USERCODE in the MULTI.FILE.ID is not the same as the
      USERCODE under which the program is running then the job is
      DS-ed.
   2. Set the PACK.ID from the USERCODE table using the USERCODE
      in the MULTI.FILE.ID.
   3. Allow the OPEN to proceed.

E. 1. Set the PACK.ID from the USERCODE table using the USERCODE in
      the MULTI.FILE.ID.
   2. Search the directory.
   3. If the file is present then proceed to Step R.
   4. Clear the PACK.ID.
   5. Proceed to Step C.

F. 1. If the USERCODE in the MULTI.FILE.ID is not the same as the
      USERCODE under which the program is running then the job is
      DS-ed.
   2. Allow the OPEN to proceed.

G. 1. Set the MULTI.FILE.ID with the USERCODE under which the
      program is running.
   2. Allow the OPEN to proceed.

H. 1. If the USERCODE in the MULTI.FILE.ID is not the same as the
      USERCODE under which the program is running proceed to Step C.
   2. Search the directory.
   3. If the file is not present hang the program NO FILE.
   4. Allow the OPEN to proceed.

I. 1. Set the PACK.ID from the USERCODE table using the USERCODE in
      the MULTI.PACK.ID.
   2. Search the directory.
   3. If the file is present proceed to Step S.
   4. Clear the PACK.ID.
   5. Proceed to Step H.

J. 1. Remove the asterisk and shift the name left one position.
   2. Allow the OPEN to proceed.
   3. At CLOSE time proceed to Step T.

K. 1. Set the MULTI.FILE.ID with the usercode under which the
      program is running.
   2. Search the directory.
   3. If the file is present allow the OPEN to proceed.
   4. Clear the MULTI.FILE.ID.
   5. Proceed to Step C.

L. 1. Remove the asterisk and shift the name left one position.
   2. If the resultant name is a USERCODE proceed to Step F.
   3. Allow the OPEN to proceed.
   4. At CLOSE time proceed to Step U.

M. 1. Remove the asterisk and shift the name left one position.
   2. If the resultant name is a USERCODE proceed to Step H.
   3. Proceed to Step C.

N. 1. Remove the asterisk and shift the name left one position.
   2. Proceed to Step C.

O. 1. Set the PACK.ID from the USERCODE table using the USERCODE
      in the MULTI.FILE.ID.
   2. Proceed to Step &.

P. 1. Allow the OPEN to proceed.
   2. At CLOSE time proceed to Step U.

Q. 1. Display security error message.
   2. Hang program NO FILE.

R. 1. If the OPEN violates file security proceed to Step Q.
   2. Allow OPEN to proceed.

S. 1. If the USERCODE in the MULTI.FILE.ID is the same as the
      USERCODE under which the program is running then allow the
      OPEN to proceed.
   2. Proceed to Step R.

T. 1. If the program is attempting to lock the file into the
      directory and the MULTI.FILE.ID contains a USERCODE then
      proceed to Step V.
   2. Allow the CLOSE to proceed.

U. 1. If the MULTI.FILE.ID does not contain the USERCODE under
      which this program is running and the program is attempting
      to lock this file into the directory proceed to Step V.
   2. Allow the CLOSE to proceed.

V. 1. Display an error message.
   2. Discard the file.
      Allow the OPEN to proceed.
      Proceed to Step T.
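
The open-time steps for an existing file can be traced as a small state machine. The following Python is an added example, not code from the manual or the MCP: it walks Steps C, E, H, I, Q, R and S. The USERCODE table and directory contents are constructed, and the `violates()` rule behind Step R is an assumption, since the step list does not define what violates file security.

```python
# Added example (not the manual's code); table layouts and violates() are assumptions.
USERCODE_TABLE = {"PAYROLL": "PACKA", "AUDIT": "PACKB"}  # usercode -> PACK.ID (constructed)
DIRECTORY = {  # (PACK.ID, MULTI.FILE.ID, file name) -> header fields (constructed)
    ("PACKA", "PAYROLL", "MASTER"): {"protection": "PRIVATE", "io": "INPUT OUTPUT"},
    ("PACKA", "PAYROLL", "RATES"): {"protection": "PUBLIC", "io": "INPUT ONLY"},
}
IO_MODES = {"INPUT OUTPUT": {"INPUT", "OUTPUT"}, "INPUT ONLY": {"INPUT"},
            "OUTPUT ONLY": {"OUTPUT"}}

def violates(header, owner, running, mode):
    # Assumed Step R test: owner passes; PRIVATE bars others; PROTECTION.IO limits mode.
    if owner == running:
        return False
    return header["protection"] == "PRIVATE" or mode not in IO_MODES[header["io"]]

def open_old_file(start, mfid, name, running, mode):
    """Walk the steps from `start` (C, E, H or I); return (outcome, steps visited)."""
    step, pack, trace = start, "", []
    while True:
        trace.append(step)
        if step in ("E", "I"):
            pack = USERCODE_TABLE.get(mfid, "")        # 1. set PACK.ID from the table
            if (pack, mfid, name) in DIRECTORY:        # 2-3. search; file present
                step = "R" if step == "E" else "S"
            else:                                      # 4-5. clear PACK.ID, move on
                pack, step = "", ("C" if step == "E" else "H")
        elif step == "S":
            if mfid == running:
                return "OPEN", trace
            step = "R"
        elif step == "H":
            if mfid != running:
                step = "C"
            elif (pack, mfid, name) in DIRECTORY:
                return "OPEN", trace
            else:
                return "HANG NO FILE", trace
        elif step == "C":
            if (pack, mfid, name) not in DIRECTORY:
                return "HANG NO FILE", trace
            step = "R"
        elif step == "R":
            if not violates(DIRECTORY[(pack, mfid, name)], mfid, running, mode):
                return "OPEN", trace
            step = "Q"
        elif step == "Q":
            return "SECURITY ERROR", trace
        else:
            raise ValueError(f"unsupported start step {step!r}")
```

The returned trace shows which steps decided the outcome, for example I, S, R, Q when usercode AUDIT tries to open a PRIVATE file whose name carries PAYROLL.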


SE LGRY Acree 